Difference between revisions of "OPEN SSL - Create pkcs12 clientAuth certificat keystore (SSO Token PopUp) from CertificationAuthority and configure Tomcat connector"

From GUILLARD WIKI

Latest revision as of 10:50, 17 December 2021

On the Linux server:

- initialize a new certificate (private key and CSR)

 openssl req -new -newkey rsa:4096 -keyout "website.fr.key" -out "website.fr.csr"

- upload the .csr to your company's CA (Certification Authority) website
- download the signed .crt from the CA
- upload the .crt to your server
- generate the keystore (private key and certificate concatenated into one PEM, then exported as PKCS12)

cat website.fr.key > server.pem
cat website.fr.crt >> server.pem
openssl pkcs12 -export  -in server.pem -out keystore.p12

- check the keystore

openssl pkcs12 -nokeys -info -in keystore.p12

- update the Tomcat connector (XML attribute values must be quoted; the xxx parts are placeholders for your port, address and path)

cd tomcat/conf/
vi server.xml
<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="10xxx"
    address="10.xxx.xxx.xx"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    keystoreFile="/xxxxxx/tomcat/certificate/keystore.p12"
    keystorePass="changeit"
    keystoreType="PKCS12"
    clientAuth="true"
    sslProtocol="TLS" />

- this is now working on https 🎉
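The whole procedure above as one added shell example; it is not part of the original wiki page. It stands in for the company CA with a constructed throwaway local CA so that it runs offline, uses -nodes and -passout so that no passphrase prompt blocks a script, and adds the checks that `openssl pkcs12 -info` alone does not give you: that the keystore opens with the intended password, holds exactly one certificate for the host, and that the bundled private key really matches that certificate. File names follow the page; the scratch directory, the test CA and its subject, the 2048-bit key size and the `-name tomcat` alias are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki page): build and verify a PKCS12 keystore for Tomcat.
# The company CA is replaced by a constructed local test CA so everything runs offline.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory for all generated files (assumption)
HOST="website.fr"              # hostname used in the page's file names
P12_PASS="changeit"            # must match keystorePass in server.xml

# Step 1: private key and CSR. -nodes leaves the key unencrypted so that neither this
# script nor Tomcat is stopped by a passphrase prompt; protect the file with permissions.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$HOST" \
    -keyout "$WORK/$HOST.key" -out "$WORK/$HOST.csr" 2>/dev/null
  chmod 600 "$WORK/$HOST.key"
}

# Step 2 stand-in for "upload .csr on the CA / download .crt": a throwaway local CA
# (constructed for this example) signs the CSR and writes website.fr.crt.
issue_cert_with_test_ca() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=Constructed Test CA" -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  openssl x509 -req -sha256 -days 30 -in "$WORK/$HOST.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/$HOST.crt" 2>/dev/null
}

# Step 3: key + certificate into one PEM, then export as PKCS12. -passout replaces the
# interactive prompt; -name sets the alias Tomcat will see in the keystore.
build_keystore() {
  cat "$WORK/$HOST.key" "$WORK/$HOST.crt" > "$WORK/server.pem"
  openssl pkcs12 -export -in "$WORK/server.pem" -out "$WORK/keystore.p12" \
    -name tomcat -passout "pass:$P12_PASS"
  chmod 600 "$WORK/keystore.p12"
}

# Step 4: checks. Succeeds only if the keystore opens with the password, holds exactly
# one certificate whose subject names $HOST, and the bundled private key matches it.
check_keystore() {
  ks="$WORK/keystore.p12"
  openssl pkcs12 -nokeys -info -in "$ks" -passin "pass:$P12_PASS" >/dev/null 2>&1 || return 1

  certs=$(openssl pkcs12 -nokeys -in "$ks" -passin "pass:$P12_PASS" 2>/dev/null)
  n=$(printf '%s\n' "$certs" | grep -c 'BEGIN CERTIFICATE' || true)
  [ "$n" -eq 1 ] || return 1
  printf '%s\n' "$certs" | openssl x509 -noout -subject | grep -q "$HOST" || return 1

  # The public key carried by the certificate must equal the one derived from the key.
  cert_pub=$(printf '%s\n' "$certs" | openssl x509 -pubkey -noout)
  key_pub=$(openssl pkcs12 -nocerts -nodes -in "$ks" -passin "pass:$P12_PASS" 2>/dev/null \
    | openssl pkey -pubout)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

make_csr
issue_cert_with_test_ca
build_keystore
check_keystore
echo "keystore.p12 verified in $WORK"
```

Copy the resulting keystore.p12 to the keystoreFile path of the connector and keep keystorePass identical to the export password. Note that clientAuth="true" makes Tomcat demand a certificate from every client and validate it against the connector's truststore (truststoreFile, or the JVM's default cacerts when it is not set); the keystore built here only identifies the server, so the client certificates' issuing CA must be present in that truststore for the SSO token pop-up to succeed.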